Closed Bug 2007362 Opened 3 months ago Closed 3 months ago

Crash in [@ windhawk.dll | VirtualQuery] with Windhawk 1.6.1.0 mods

Categories

(External Software Affecting Firefox :: Other, defect)

Unspecified
Windows 11
defect

Tracking

(firefox148 fixed)

RESOLVED FIXED
148 Branch
Tracking Status
firefox148 --- fixed

People

(Reporter: gsvelto, Assigned: gstoll)

Details

(Keywords: crash)

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/db0a57fa-2389-4ad8-8c04-f1a660251219

Reason:

EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  windhawk.dll  windhawk.dll@0x2ae42
1  windhawk.dll  windhawk.dll@0x44c7b
2  KERNELBASE.dll  WaitForSingleObjectEx
3  windhawk.dll  windhawk.dll@0x1e449
4  windhawk.dll  windhawk.dll@0xe9bf7
5  windhawk.dll  windhawk.dll@0xe9bf7
6  windhawk.dll  windhawk.dll@0xe9c0f
7  windhawk.dll  windhawk.dll@0x1e3a7
8  windhawk.dll  windhawk.dll@0xe9bf7
9  windhawk.dll  windhawk.dll@0xe9bf7

I got a hint that something was wrong with Windhawk mods again via the missing modules list e-mail which reported 34087 crash reports missing symbols for windhawk.dll. For some reason only a handful seem to have reached Socorro, or maybe they're hidden under another signature. Crash pings confirm this has significant volume: https://crash-pings.mozilla.org/#xHjEiq

Crash pings indicate these only seem to happen in the utility, socket, and rdd processes, which is probably why this isn't showing up on Socorro much.

A query of crash pings shows that the versions of windhawk.dll range from 1.5.1 to 1.6.1. 1.7.1 is the newest version, but 1.6.1 was the latest available version until 2 weeks ago, so I'm not sure this means anything.

Anyway, due to the nature of Windhawk I doubt it's doing anything useful in the socket and rdd processes. It may be doing some sort of file dialog styling in the utility process, but the crash volume is high enough that I think we should just block these older versions in all utility processes.

Assignee: nobody → gstoll
Severity: -- → S2
Status: NEW → ASSIGNED

Thanks for the quick analysis, indeed blocking sounds the best course of action.

Pushed by gstoll@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/55c9425d9a3c
https://hg.mozilla.org/integration/autoland/rev/fc8cf6a9f968
block older versions of windhawk.dll in utility, rdd, socket processes r=gsvelto
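An added illustration of the mitigation chosen in this bug (not code from the Firefox patch, whose contents are not shown on this page): a blocklist check that rejects a DLL by file name, maximum version and process type. The 1.6.1.0 cutoff is an assumption taken from the newest crashing version mentioned above, and all type names, function names and sample paths are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>

// Added illustration; every name here is hypothetical, not Firefox's blocklist API.
enum ProcessType : uint32_t { kBrowser = 1, kContent = 2, kUtility = 4, kRdd = 8, kSocket = 16 };

// Pack a four-part file version so that a numeric compare orders versions
// correctly (1.10.0.0 > 1.6.1.0, which a string compare would get wrong).
constexpr uint64_t MakeVersion(uint16_t a, uint16_t b, uint16_t c, uint16_t d) {
  return (uint64_t(a) << 48) | (uint64_t(b) << 32) | (uint64_t(c) << 16) | uint64_t(d);
}

struct BlockEntry {
  const char* leafName;   // lower-case file name, no directory
  uint64_t maxVersion;    // block this version and anything older
  uint32_t processMask;   // process types in which the block applies
};

// Assumed cutoff: 1.6.1.0, the newest version the bug reports as crashing.
static const BlockEntry kBlocklist[] = {
    {"windhawk.dll", MakeVersion(1, 6, 1, 0), kUtility | kRdd | kSocket},
};

bool ShouldBlock(const std::string& path, uint64_t version, ProcessType proc) {
  // Match on the leaf name only, case-insensitively, as Windows paths are.
  size_t sep = path.find_last_of("\\/");
  std::string leaf = (sep == std::string::npos) ? path : path.substr(sep + 1);
  std::transform(leaf.begin(), leaf.end(), leaf.begin(),
                 [](unsigned char ch) { return char(std::tolower(ch)); });
  for (const BlockEntry& e : kBlocklist) {
    if (leaf == e.leafName && (e.processMask & proc) && version <= e.maxVersion) {
      return true;
    }
  }
  return false;
}

int main() {
  const char* dll = "C:\\example\\Windhawk.DLL";  // constructed sample path
  std::printf("1.6.1.0 utility: %d\n", ShouldBlock(dll, MakeVersion(1, 6, 1, 0), kUtility));
  std::printf("1.7.1.0 utility: %d\n", ShouldBlock(dll, MakeVersion(1, 7, 1, 0), kUtility));
  std::printf("1.5.1.0 content: %d\n", ShouldBlock(dll, MakeVersion(1, 5, 1, 0), kContent));
  return 0;
}
```

Scoping the entry by process mask leaves the module loadable in processes that are not listed, and the version ceiling lets newer releases through.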

Filed an issue with Windhawk, mostly informational as I'm getting more convinced that this issue might be fixed in version 1.7 and above.

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → 148 Branch